printer friendly version

Smartcard briefs

Public key infrastructure

PKI has been predicted to boom for the past two years, but has so far failed to take off. Now Datamonitor, in its public key infrastructure, 1999-2003 report, predicts that for the first time there is a real business case for PKI. Datamonitor believes PKI products and services will grow at an average rate of 73% year on year until 2003, providing extensive opportunities for software developers, systems integrators, professional service providers and specialist PKI service providers.

Ongoing PKI services, such as the registration and authentication of individuals and institutions will largely be outsourced. As such these services will be a major consideration in the PKI market, given the key roles of authentication and establishing trust which is assumed by the so-called Trusted Third Parties. At US$70 million (R350M) in 1999, revenues from outsourced PKI solutions are still small, reflecting the present lack of fully operable PKI solutions and the current focus on the business community. Revenues from PKI services will rise significantly as B2C e-commerce grows.

Internet banking in Europe

In spite of addressing only a small customer base to begin with, and the inherent security risks, Internet banking is quickly becoming accepted by banks and consumers alike. European consumers are rapidly signing up for e-banking services. The convenience of e-banking has been well received so far and banks are now investing in marketing and offering value-added services to attract more users on-line.

This will propel growth forward, leading to a quadrupling in the Internet banking customer base over the coming four years. The PC is the most widely available on-line access device in Europe in 1999. Yet there is still a relatively low installed base of PCs in Europe, limiting the addressable market. As other access devices are brought on-line, such as interactive television (iTV), and the mobile phone, banks are looking to these to expand their on-line customer base and move transactions to electronic channels.

First Data and Microsoft demonstrate secure web access smartcards

First Data issued more than 300 secure web access smartcards to card issuing clients who attended the First Data 2000 Client Conference 11-13 April in Atlanta. As smartcard industry pioneers, First Data and TTI teamed with Microsoft to provide the secure card applications to First Data conference attendees.

TTI software, installed on Windows-powered smartcards, enabled attendees to purchase a complimentary gift from the merchant website, vote on the location of next year's conference, and receive points for attending conference breakout sessions. First Data's client conference provides an opportunity for their 1400 clients to learn about the latest technologies available from First Data that help clients deliver innovative services to their cardholders.

"First Data recognises consumers need safety, security, and privacy for Internet access," said Ann Kennedy, Vice President, Global Smartcard Business Development. "We wanted to show our clients the secure access chip card solution we can provide to them."

PKI for authentication and security driving chip adoption

One of the most noticeable card developments of 2000 so far has been the rapid rise in importance of PKI (public key infrastructure) technology for authenticating the cardholder. Although a complicated process that mathematically requires the creation of long algorithms and which administratively needs careful and secure handling, the beauty of PKI technology is that for the cardholder, it is a simple and transparent authentication process.

This simplicity and ease of use has given PKI a huge advantage over SET and other authentication methods and explains the speed of take up by providers and scheme developers worldwide.

American Express's blue card for example, is using PKI to allow cardholders to access the company's server so Internet transactions can take place. When a customer's application for a blue card is accepted, they download their individual PKI keys using the card reader supplied by Amex.

When making a transaction, a PIN is used to verify they are the valid people to use the card, which until the adoption of biometric technology is the weakness of the system. It is now possible for the issuer to prove that a certain card has definitely been used to make a transaction, but anyone revealing their PIN to someone with access to their card, can still suffer from unauthorised card use.

Some companies, including Proton, are putting a biometric on chip cards which will then verify the individual, not just the card.

Widespread use of PKI is emerging for a very diverse range of applications. Whenever the card is not present which includes all wireless, telephone and Internet transactions, a means of authenticating the card holder is crucial to cutting the growing number of disputes. It is also proving a fast growing business to business (B2B) requirement, for everything from sharedealing and document exchange to physical access, ordering and purchasing.

There is also a great interest in PKI for campus applications and the US military is advanced in its testing of PKI on multiapplication cards.

Any issuer launching a payment card with the primary aim of enabling electronic commerce is likely to add PKI technology.

The point was made that as electronic chargebacks are now accounting for 43% of disputes at Visa, although on-line transaction only makes up 2% of transactions, even giving away readers, and standing the additional cost of a PKI application will prove a reasonable business case.

For details contact Graham Bendell

Smart Card Society of Southern Africa

tel: (011) 728 4405

fax: (011) 728 3711

e-mail: [email protected]

Share this article:

Further reading: